CVE Catalog

CVE-2026-57617

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

The SeedProd Pro plugin versions prior to 6.19.5 contain a Cross Site Scripting (XSS) vulnerability in the contributor function. It allows an attacker to inject malicious JavaScript code into pages generated by the plugin.

Risk Assessment

An attacker can exploit this vulnerability to steal user sessions, redirect them to malicious sites, or perform other actions in their context, potentially leading to data confidentiality and integrity breaches.

Recommendation

Immediately update the SeedProd Pro plugin to version 6.19.5 or later, which fixes this vulnerability.

Original NVD description (English source)

Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS